Zero Trust: Why Trusting Less is a Good Idea

 07.01.2026, last updated 08.01.2026

I spent several years selling and implementing ZTNA solutions. Lots of VMware, plenty of Microsoft, some Fortinet. Good products, solid, well-thought-out, with good engineering behind them. The difficult part was almost never the technology—it was explaining what we were trying to solve.

Read more… ( ~19 Min.)
  Architecture Security
  Zero Trust ZTNA Security Architecture Identity Context Access

Business Continuity is not a product

 01.01.2026, last updated 08.01.2026

In many organizations, talking about Business Continuity is, in practice, talking about backups. Sometimes the concept is stretched a bit and things like replication, secondary sites, or disaster recovery are added to the mix. It sounds reasonable, technical, reassuring—especially the more terms are thrown in. The problem is that it’s conceptually wrong.

Read more… ( ~18 Min.)
  Architecture Business Continuity
  Backups Disaster Recovery Resilience Enterprise Architecture IT and Business

Protect to Enable: How to Integrate Security and Business

 28.12.2025, last updated 08.01.2026

Throughout my career, I have seen the same pattern repeat itself over and over: for many business or operational decision-makers, security appears as a problem, a brake, something that “complicates”, “delays” or “makes things more expensive.” Not as an enabler, not as part of the design, but as an annoying layer imposed from the outside. And the truth is, in many cases, they are not entirely wrong.

Read more… ( ~17 Min.)
  Security Architecture
  Protect to enable Control design Risk management Threat modeling

FIDO2, passkeys, and hardware authenticators

 18.12.2025, last updated 08.01.2026

For decades, digital security rested on a fragile assumption: that users could consistently safeguard secrets within increasingly complex systems. Unique, long passwords, rotated periodically and never reused. The problem was not a lack of rules, but the unrealistic expectation of human compliance.

Read more… ( ~18 Min.)
  Security
  Identity MFA FIDO2

Stop rotating passwords

 16.12.2025, last updated 08.01.2026

For years, periodic password rotation was treated as dogma: “you must change your passwords every 30/60/90 days or everything will burn”. Today, based on empirical evidence, real attack telemetry, rigorous studies, and modern frameworks, the technical consensus is clear: forcing password rotation adds little and can sometimes reduce security.

Read more… ( ~8 Min.)
  Security
  Identity MFA

Git, Distributed Version Control

 15.12.2025, last updated 08.01.2026

As I’ve mentioned before, I currently use Git as the repository for all this blog’s content. There, I store both the configuration files and the content itself (text and images) that later generate the functional website using Hugo   . Beyond this specific use case, I believe that knowing Git is fundamental for IT professionals, so I set out to write this introduction to the tool.

Read more… ( ~4 Min.)
  DevOps
  Git

Drop the firewall

 14.12.2025, last updated 08.01.2026

Welcome to Drop the firewall. This blog is a technical notebook. A place to write about networking, security, GNU/Linux, cloud computing, and related technologies. Sometimes as practical notes, other times as more conceptual reflections. There is no promise of regular posting or a rigid editorial line: there is curiosity, technical judgment, and a desire to understand how things actually work.

Read more… ( ~2 Min.)